looking up pgp keys

John Clizbe John at enigmail.net
Thu Sep 12 01:48:57 CEST 2013

LTim Prepscius wrote:
> Thank you very much for this feed back.
> I'm thinking, thinking, thinking...
> Here is sort of a naive question:
> Why aren't the results from the http://pgp.mit.edu:11371 signed with their key?
> They have an http request but there is no way I can tell if I've been mitm-ed.

As others have replied, it's not the keyserver's responsibility

> I should be able to ask each server I request from, the public key of
> the other servers, and then check the signature of each against each
> other
> ??
> Is this implemented and I'm missing it somehow?

Aside from what is required to calculate a fingerprint, and in SKS' case the
hash used in reconiliation, there is NO crypto functionality built into the
keyserver software. That responsibility rests with the client software.

John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 475 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130911/b258318c/attachment-0001.sig>

More information about the Gnupg-devel mailing list